Warning: Permanently added '10.128.0.239' (ED25519) to the list of known hosts. executing program [ 34.902370][ T3964] [ 34.903034][ T3964] ===================================================== [ 34.904938][ T3964] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 34.906842][ T3964] 5.15.126-syzkaller-00092-g24c4de4069cb #0 Not tainted [ 34.908678][ T3964] ----------------------------------------------------- [ 34.910453][ T3964] syz-executor398/3964 [HC0[0]:SC0[2]:HE1:SE0] is trying to acquire: [ 34.912654][ T3964] ffff800014b85980 (fs_reclaim){+.+.}-{0:0}, at: slab_pre_alloc_hook+0x38/0xe8 [ 34.915072][ T3964] [ 34.915072][ T3964] and this task is already holding: [ 34.917054][ T3964] ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 34.919480][ T3964] which would create a new lock dependency: [ 34.921078][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} -> (fs_reclaim){+.+.}-{0:0} [ 34.923077][ T3964] [ 34.923077][ T3964] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 34.925600][ T3964] (noop_qdisc.q.lock){+.-.}-{2:2} [ 34.925618][ T3964] [ 34.925618][ T3964] ... which became SOFTIRQ-irq-safe at: [ 34.929016][ T3964] lock_acquire+0x240/0x77c [ 34.930239][ T3964] _raw_spin_lock+0xb0/0x10c [ 34.931492][ T3964] net_tx_action+0x634/0x884 [ 34.932762][ T3964] __do_softirq+0x344/0xe20 [ 34.934008][ T3964] do_softirq+0x120/0x20c [ 34.935211][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 34.936645][ T3964] local_bh_enable+0x28/0x174 [ 34.937933][ T3964] dev_deactivate_many+0x580/0xbe4 [ 34.939379][ T3964] dev_deactivate+0x13c/0x1fc [ 34.940649][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 34.941932][ T3964] __linkwatch_run_queue+0x424/0x730 [ 34.943402][ T3964] linkwatch_event+0x58/0x68 [ 34.944695][ T3964] process_one_work+0x790/0x11b8 [ 34.946078][ T3964] worker_thread+0x910/0x1034 [ 34.947393][ T3964] kthread+0x37c/0x45c [ 34.948515][ T3964] ret_from_fork+0x10/0x20 [ 34.949714][ T3964] [ 34.949714][ T3964] to a SOFTIRQ-irq-unsafe lock: [ 34.951630][ T3964] (fs_reclaim){+.+.}-{0:0} [ 34.951649][ T3964] [ 34.951649][ T3964] ... which became SOFTIRQ-irq-unsafe at: [ 34.955054][ T3964] ... [ 34.955061][ T3964] lock_acquire+0x240/0x77c [ 34.956928][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 34.958266][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 34.959590][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 34.961136][ T3964] init_rescuer+0xa4/0x264 [ 34.962318][ T3964] workqueue_init+0x2b4/0x640 [ 34.963584][ T3964] kernel_init_freeable+0x448/0x650 [ 34.964988][ T3964] kernel_init+0x24/0x294 [ 34.966194][ T3964] ret_from_fork+0x10/0x20 [ 34.967417][ T3964] [ 34.967417][ T3964] other info that might help us debug this: [ 34.967417][ T3964] [ 34.970102][ T3964] Possible interrupt unsafe locking scenario: [ 34.970102][ T3964] [ 34.972285][ T3964] CPU0 CPU1 [ 34.973674][ T3964] ---- ---- [ 34.975097][ T3964] lock(fs_reclaim); [ 34.976190][ T3964] local_irq_disable(); [ 34.977902][ T3964] lock(noop_qdisc.q.lock); [ 34.979770][ T3964] lock(fs_reclaim); [ 34.981487][ T3964] [ 34.982379][ T3964] lock(noop_qdisc.q.lock); [ 34.983664][ T3964] [ 34.983664][ T3964] *** DEADLOCK *** [ 34.983664][ T3964] [ 34.985790][ T3964] 2 locks held by syz-executor398/3964: [ 34.987235][ T3964] #0: ffff8000169e74a8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0xa2c/0xdac [ 34.989737][ T3964] #1: ffff800016a26e08 (noop_qdisc.q.lock){+.-.}-{2:2}, at: netem_change+0x22c/0x1a90 [ 34.992351][ T3964] [ 34.992351][ T3964] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 34.995211][ T3964] -> (noop_qdisc.q.lock){+.-.}-{2:2} { [ 34.996692][ T3964] HARDIRQ-ON-W at: [ 34.997773][ T3964] lock_acquire+0x240/0x77c [ 34.999420][ T3964] _raw_spin_lock+0xb0/0x10c [ 35.001160][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 35.002905][ T3964] dev_queue_xmit+0x24/0x34 [ 35.004569][ T3964] tx+0x8c/0x130 [ 35.005934][ T3964] kthread+0x1ac/0x374 [ 35.007369][ T3964] kthread+0x37c/0x45c [ 35.008852][ T3964] ret_from_fork+0x10/0x20 [ 35.010403][ T3964] IN-SOFTIRQ-W at: [ 35.011461][ T3964] lock_acquire+0x240/0x77c [ 35.013072][ T3964] _raw_spin_lock+0xb0/0x10c [ 35.014754][ T3964] net_tx_action+0x634/0x884 [ 35.016433][ T3964] __do_softirq+0x344/0xe20 [ 35.018095][ T3964] do_softirq+0x120/0x20c [ 35.019728][ T3964] __local_bh_enable_ip+0x2c0/0x4d0 [ 35.021544][ T3964] local_bh_enable+0x28/0x174 [ 35.023343][ T3964] dev_deactivate_many+0x580/0xbe4 [ 35.025151][ T3964] dev_deactivate+0x13c/0x1fc [ 35.026852][ T3964] linkwatch_do_dev+0x2a8/0x3c8 [ 35.028664][ T3964] __linkwatch_run_queue+0x424/0x730 [ 35.030535][ T3964] linkwatch_event+0x58/0x68 [ 35.032181][ T3964] process_one_work+0x790/0x11b8 [ 35.033903][ T3964] worker_thread+0x910/0x1034 [ 35.035566][ T3964] kthread+0x37c/0x45c [ 35.037151][ T3964] ret_from_fork+0x10/0x20 [ 35.038798][ T3964] INITIAL USE at: [ 35.039844][ T3964] lock_acquire+0x240/0x77c [ 35.041499][ T3964] _raw_spin_lock+0xb0/0x10c [ 35.043188][ T3964] __dev_queue_xmit+0x8d0/0x2a6c [ 35.044900][ T3964] dev_queue_xmit+0x24/0x34 [ 35.046488][ T3964] tx+0x8c/0x130 [ 35.047862][ T3964] kthread+0x1ac/0x374 [ 35.049324][ T3964] kthread+0x37c/0x45c [ 35.050839][ T3964] ret_from_fork+0x10/0x20 [ 35.052404][ T3964] } [ 35.053051][ T3964] ... key at: [] noop_qdisc+0x108/0x320 [ 35.055133][ T3964] [ 35.055133][ T3964] the dependencies between the lock to be acquired [ 35.055140][ T3964] and SOFTIRQ-irq-unsafe lock: [ 35.058670][ T3964] -> (fs_reclaim){+.+.}-{0:0} { [ 35.059962][ T3964] HARDIRQ-ON-W at: [ 35.061000][ T3964] lock_acquire+0x240/0x77c [ 35.062627][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 35.064401][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 35.066144][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 35.068103][ T3964] init_rescuer+0xa4/0x264 [ 35.069693][ T3964] workqueue_init+0x2b4/0x640 [ 35.071430][ T3964] kernel_init_freeable+0x448/0x650 [ 35.073317][ T3964] kernel_init+0x24/0x294 [ 35.074860][ T3964] ret_from_fork+0x10/0x20 [ 35.076443][ T3964] SOFTIRQ-ON-W at: [ 35.077505][ T3964] lock_acquire+0x240/0x77c [ 35.079121][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 35.080879][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 35.082616][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 35.084626][ T3964] init_rescuer+0xa4/0x264 [ 35.086340][ T3964] workqueue_init+0x2b4/0x640 [ 35.088036][ T3964] kernel_init_freeable+0x448/0x650 [ 35.089871][ T3964] kernel_init+0x24/0x294 [ 35.091493][ T3964] ret_from_fork+0x10/0x20 [ 35.093097][ T3964] INITIAL USE at: [ 35.094112][ T3964] lock_acquire+0x240/0x77c [ 35.095712][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 35.097494][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 35.099362][ T3964] kmem_cache_alloc_node_trace+0xa0/0x4c4 [ 35.101298][ T3964] init_rescuer+0xa4/0x264 [ 35.102904][ T3964] workqueue_init+0x2b4/0x640 [ 35.104545][ T3964] kernel_init_freeable+0x448/0x650 [ 35.106308][ T3964] kernel_init+0x24/0x294 [ 35.107888][ T3964] ret_from_fork+0x10/0x20 [ 35.109445][ T3964] } [ 35.110087][ T3964] ... key at: [] __fs_reclaim_map+0x0/0x200 [ 35.112373][ T3964] ... acquired at: [ 35.113488][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 35.114849][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 35.116216][ T3964] __kmalloc_node+0xbc/0x5b8 [ 35.117503][ T3964] kvmalloc_node+0x88/0x204 [ 35.118742][ T3964] get_dist_table+0x9c/0x2a4 [ 35.120107][ T3964] netem_change+0x7cc/0x1a90 [ 35.121347][ T3964] netem_init+0x54/0xb8 [ 35.122513][ T3964] qdisc_create+0x6fc/0xf44 [ 35.123745][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 35.125108][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 35.126516][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 35.127825][ T3964] rtnetlink_rcv+0x28/0x38 [ 35.129053][ T3964] netlink_unicast+0x664/0x938 [ 35.130389][ T3964] netlink_sendmsg+0x844/0xb38 [ 35.131722][ T3964] ____sys_sendmsg+0x584/0x870 [ 35.133025][ T3964] ___sys_sendmsg+0x214/0x294 [ 35.134270][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 35.135659][ T3964] invoke_syscall+0x98/0x2b8 [ 35.136909][ T3964] el0_svc_common+0x138/0x258 [ 35.138208][ T3964] do_el0_svc+0x58/0x14c [ 35.139362][ T3964] el0_svc+0x7c/0x1f0 [ 35.140477][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 35.141905][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 35.143171][ T3964] [ 35.143791][ T3964] [ 35.143791][ T3964] stack backtrace: [ 35.145359][ T3964] CPU: 1 PID: 3964 Comm: syz-executor398 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 35.148088][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 35.150708][ T3964] Call trace: [ 35.151617][ T3964] dump_backtrace+0x0/0x530 [ 35.152789][ T3964] show_stack+0x2c/0x3c [ 35.153911][ T3964] dump_stack_lvl+0x108/0x170 [ 35.155135][ T3964] dump_stack+0x1c/0x58 [ 35.156266][ T3964] __lock_acquire+0x62b4/0x7620 [ 35.157529][ T3964] lock_acquire+0x240/0x77c [ 35.158710][ T3964] fs_reclaim_acquire+0xf0/0x1d0 [ 35.160072][ T3964] slab_pre_alloc_hook+0x38/0xe8 [ 35.161343][ T3964] __kmalloc_node+0xbc/0x5b8 [ 35.162550][ T3964] kvmalloc_node+0x88/0x204 [ 35.163754][ T3964] get_dist_table+0x9c/0x2a4 [ 35.164996][ T3964] netem_change+0x7cc/0x1a90 [ 35.166173][ T3964] netem_init+0x54/0xb8 [ 35.167253][ T3964] qdisc_create+0x6fc/0xf44 [ 35.168422][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 35.169738][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 35.171024][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 35.172304][ T3964] rtnetlink_rcv+0x28/0x38 [ 35.173498][ T3964] netlink_unicast+0x664/0x938 [ 35.174772][ T3964] netlink_sendmsg+0x844/0xb38 [ 35.176069][ T3964] ____sys_sendmsg+0x584/0x870 [ 35.177355][ T3964] ___sys_sendmsg+0x214/0x294 [ 35.178602][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 35.180002][ T3964] invoke_syscall+0x98/0x2b8 [ 35.181233][ T3964] el0_svc_common+0x138/0x258 [ 35.182485][ T3964] do_el0_svc+0x58/0x14c [ 35.183609][ T3964] el0_svc+0x7c/0x1f0 [ 35.184628][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 35.185988][ T3964] el0t_64_sync+0x1a0/0x1a4 [ 35.187260][ T3964] BUG: sleeping function called from invalid context at include/linux/sched/mm.h:209 [ 35.189681][ T3964] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 3964, name: syz-executor398 [ 35.192148][ T3964] INFO: lockdep is turned off. [ 35.193403][ T3964] Preemption disabled at: [ 35.193414][ T3964] [] netem_change+0x22c/0x1a90 [ 35.196138][ T3964] CPU: 1 PID: 3964 Comm: syz-executor398 Not tainted 5.15.126-syzkaller-00092-g24c4de4069cb #0 [ 35.198778][ T3964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 [ 35.201409][ T3964] Call trace: [ 35.202297][ T3964] dump_backtrace+0x0/0x530 [ 35.203486][ T3964] show_stack+0x2c/0x3c [ 35.204537][ T3964] dump_stack_lvl+0x108/0x170 [ 35.205721][ T3964] dump_stack+0x1c/0x58 [ 35.206801][ T3964] ___might_sleep+0x380/0x4dc [ 35.208034][ T3964] __might_sleep+0x98/0xf0 [ 35.209188][ T3964] slab_pre_alloc_hook+0x58/0xe8 [ 35.210466][ T3964] __kmalloc_node+0xbc/0x5b8 [ 35.211711][ T3964] kvmalloc_node+0x88/0x204 [ 35.212916][ T3964] get_dist_table+0x9c/0x2a4 [ 35.214199][ T3964] netem_change+0x7cc/0x1a90 [ 35.215431][ T3964] netem_init+0x54/0xb8 [ 35.216480][ T3964] qdisc_create+0x6fc/0xf44 [ 35.217679][ T3964] tc_modify_qdisc+0x8dc/0x1344 [ 35.218959][ T3964] rtnetlink_rcv_msg+0xa74/0xdac [ 35.220303][ T3964] netlink_rcv_skb+0x20c/0x3b8 [ 35.221642][ T3964] rtnetlink_rcv+0x28/0x38 [ 35.222797][ T3964] netlink_unicast+0x664/0x938 [ 35.224086][ T3964] netlink_sendmsg+0x844/0xb38 [ 35.225352][ T3964] ____sys_sendmsg+0x584/0x870 [ 35.226653][ T3964] ___sys_sendmsg+0x214/0x294 [ 35.227918][ T3964] __arm64_sys_sendmsg+0x1ac/0x25c [ 35.229331][ T3964] invoke_syscall+0x98/0x2b8 [ 35.230574][ T3964] el0_svc_common+0x138/0x258 [ 35.231845][ T3964] do_el0_svc+0x58/0x14c [ 35.232985][ T3964] el0_svc+0x7c/0x1f0 [ 35.234027][ T3964] el0t_64_sync_handler+0x84/0xe4 [ 35.235376][ T3964] el0t_64_sync+0x1a0/0x1a4